const ApiError = require('../error/api_error');
const ApiErrorNames = require('../error/api_error_name');
const jwt = require('jsonwebtoken')
const tool = require('./tool')
const tokenHelper = require('./token-helper')


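/**
 * Koa middleware that only lets administrator accounts through.
 *
 * Reads the caller's token via tool.getTokenFromCtx, obtains the user with
 * tokenHelper.decodeToken and checks user.rank. Rank 1 is administrator; a
 * larger number is rejected.
 *
 * Fails closed: a missing token, a missing user, or a rank that is not a
 * finite number is rejected instead of being treated as "not greater than 1".
 *
 * @param {object} ctx - Koa context for the current request.
 * @param {Function} next - Continues the downstream middleware chain.
 * @returns {Promise<void>} Resolves once the downstream chain has finished.
 * @throws {ApiError} NO_AUTH when the caller is not an authenticated admin.
 */
exports.isAdmin = async (ctx, next) => {
  const token = tool.getTokenFromCtx(ctx);
  if (!token) {
    // Deny explicitly: the earlier silent return neither called next() nor
    // told the client (or the logs) that the request was unauthenticated.
    ctx.status = 401;
    throw new ApiError(ApiErrorNames.NO_AUTH);
  }

  // NOTE(review): confirm decodeToken verifies the signature and expiry
  // (jwt.verify, not jwt.decode). If it only decodes, `rank` is a
  // client-controlled value and this check authorizes nothing.
  const user = tokenHelper.decodeToken(ctx);
  const rawRank = user == null ? undefined : user.rank;

  // Accept a rank serialised as a numeric string, but nothing else that
  // merely coerces to a small number (null, '', true, [] all coerce to 0 or 1).
  const rank =
    typeof rawRank === 'string' && rawRank.trim() !== ''
      ? Number(rawRank)
      : rawRank;

  // 1 is administrator; anything larger is blocked. A missing or non-numeric
  // rank must not pass: `undefined > 1` and `NaN > 1` are both false, so a
  // bare "greater than" test would let such a token through.
  const isAdminRank =
    typeof rank === 'number' && Number.isFinite(rank) && rank <= 1;
  if (!isAdminRank) {
    ctx.status = 403;
    throw new ApiError(ApiErrorNames.NO_AUTH);
  }

  // Check passed: hand over to the next middleware.
  await next();
};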




